
InfosecGuruji

06/25/2019, 1:12 PM
Is anybody forwarding osquery logs (JSON) to any open source threat intelligence platform like YETI or MISP? If yes, how do you approach it? How do you perform threat hunting with osquery (Windows mostly)?

Dan

06/25/2019, 9:55 PM
You will likely want to place a SIEM in the middle that pulls/pushes to a TIP like YETI or MISP.
Not all of your event data will necessarily be related to a confirmed event or incident.

InfosecGuruji

06/26/2019, 12:58 PM
Thanks for the info. Do you have any good resources to read up on, off the top of your head, regarding the same?

jamie

06/27/2019, 2:05 PM
Airbnb sends osquery logs to StreamAlert via Kinesis and matches IOCs from Anomali
(they do this for all events now, not just syslog)

InfosecGuruji

06/27/2019, 2:09 PM
Interesting. Thanks @jamie